
Did you know that cyber insurance companies are currently facing massive losses? This might sound unbelievable, but it’s true. In 2020, the average ransom payment was $300,000. However, by 2023, this amount had increased to $1,500,000 – a 500% hike in just three years! This has forced significant new cyber insurance requirements.
Why such a significant increase?
The frequency of ransomware attacks has increased exponentially. In 2022, cybercriminals targeted a staggering 77% of all organizations.
The cost of incident response and replacing IT inventory has increased, which is not surprising given the current trend of rising prices.
Many organizations have poor cyber security practices and inadequate incident response plans. It is common to hear statements such as “I don’t need cyber security because I have insurance” or “We are okay because small organizations are not targeted.” However, these beliefs are often misguided and put organizations at risk.
Did you know that some cyber insurance plans provide coverage for business interruption? It’s worth considering the cost of computer downtime. Imagine the cost if your computers were down for a day, a week, two weeks, or even a month. Shockingly, the average downtime after a ransomware attack is 24 days.
According to a recent study, small and medium-sized enterprises impacted by cyber claims faced an average of $343,000 in business interruption expenses as they worked to recover.
If you were an insurance company, what would you do?
Many insurance companies are withdrawing from the cyber insurance market due to unpredictability. Moreover, some insurers are rejecting more claims and declining to renew policies for sectors that pose higher risks. Most reputable insurers have significantly tightened their underwriting standards to minimize their risks, and as a result, premiums have surged. On top of the new cyber insurance requirements, the average premiums for standalone cyber coverage have increased by over 70% annually since 2020.
So, how can you prepare for new cyber insurance requirements?
Step 1: Make sure you are covered.
First, you may not have coverage, and if you do, it might not be worth the paper it’s printed on if you aren’t doing your part.
Cyber insurance is not part of a standard liability policy. You probably are not covered if you haven’t explicitly purchased cyber insurance.
Knowing what is covered and what isn’t under your policy is crucial if you have cyber insurance. Moreover, you must ensure that you comply with the terms and conditions of your insurance company to be eligible for reimbursement in case of a successful cyber attack. The minimum standards for coverage have significantly increased, and the policies are now legally and technically complex. Thus, it’s essential to have a professional who understands both aspects to review your policy and cyber security plan.
Step 2: Prepare to get or renew your policy.
Insurance companies are not fond of paying ransoms, which has made obtaining and renewing policies much more complex. A few years ago, the network assessment required for cyber insurance was a short one-page self-assessment questionnaire. Today, these questionnaires can be dozens of pages long.
Here are five primary areas that need to be reviewed:
- Do you have MFA for email and sensitive information?
- Do you have backups, and are you sure they are working?
- Do you have up-to-date, active antivirus installed on all computers?
- Do you have a written documented breach response plan?
- Do you have up-to-date, active firewall technology?
If you answer no to these questions, your policy will not be renewed or granted. Once your renewal is denied, obtaining insurance becomes much more challenging.
Remember, if you answer yes when the true answer is no, your policy will be terminated, making it next to impossible to get cyber insurance.
Step 3: Avoid becoming a victim.
Just as your car insurance rates increase after an accident, your cyber insurance rates increase after a successful cyber attack. So, do everything in your power to prevent that!
The good news is that 93% of security breaches are preventable, so you can prevent most attacks! One way is to ensure someone inspects your network at least every 90 days. Another good way is to provide your team with regular cybersecurity training.
How do we prepare for New Cyber Insurance Requirements?
Commonwealth Sentinel offers a comprehensive suite of cybersecurity services to safeguard your organization from digital threats. We can also guide you through the process of obtaining cyber insurance coverage and provide expert advice on keeping your organization secure. To schedule a free consultation, click here or contact us at (502) 320-9885.